JP2001189722A - Radio communication system, radio terminal, radio base station, authentication card and authenticating method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a radio communication system realizing accurate authentication in a radio LAN system, a radio terminal, a radio base station, an authentication card and an authenticating method. SOLUTION: This radio communication system using a radio LAN, consists of the base station 10, at least one terminal 12 performing radio communication with the station 10 and at least one authentication card 14 which corresponds to at least one between the terminal 12 and the station 10, is used for authentication processing in a corresponding terminal 12 or the station 10, has a storing part 30 storing terminal information proper to the terminal 12 and transmits and receives terminal information between the station 10 and the terminal 12.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a wireless communication system using a wireless LAN, a wireless terminal constituting the system, a wireless base station, an authentication card used in the wireless communication system, and an authentication method for the wireless communication system. About. In particular, the present invention relates to a wireless LAN such as IEEE 802.11.
The present invention relates to an authentication technique between wireless terminals or between a wireless base station and a wireless terminal in an AN system.

[0002]

2. Description of the Related Art With the development of LAN (local area network) technology in recent years, in an office environment, networking centered on connection between personal computers has progressed, and at present, a wired LAN system is installed in most offices. It is coming. With the spread of such wired LAN,
Recently, there has been a movement to replace a part of a wired LAN with a wireless LAN system. For example, wired L
This includes making wireless terminals of the AN wireless and accessing a wired LAN such as a portable personal computer. Wireless LAN
Since radio waves, infrared rays, and the like are used as the transmission path, there is an advantage that there is no need to lay wiring, and that a new network or layout change is easy. In particular, in 1997
Since the specification of the wireless LAN using the 4 GHz band has been completed by IEEE (IEEE 802.11), the wireless LAN
In combination with the rapid decrease in the price of wireless LANs, the speed of the spread of wireless LANs is remarkable at present.

[0003] In IEEE 802.11, standardization of wireless LANs has been continued with the aim of further increasing the speed. Since the current transmission rate of the system is as low as about 1 to 2 Mbps, IEEE 802.11 further requires a transmission rate of 2.4 Mbps.
Standardization of a high-speed wireless communication system capable of realizing a transmission speed of about 10 Mbps using a GHz band, a next-generation wireless LAN system using a wireless frequency of a 5 GHz band, and the like are being promoted. Under such circumstances, it is expected that the wireless LAN system will become more widespread and spread not only in office environments but also in ordinary households.

[0004] Under such circumstances, it is considered that a large number of environments in which a plurality of wireless LAN systems are adjacent or coexist in the same space will be constructed in the near future. For this reason, IEEE 802.11 requires a plurality of wireless LANs.
When a system coexists, an authentication process is defined between wireless terminals or between a wireless base station and a wireless terminal (Chapter 8 of IEEE 802.11 specifications). That is,
In an environment where a plurality of wireless LANs are adjacent to each other, the wireless zones of the wireless LANs may overlap with each other. In such a case, in each wireless LAN,
It is necessary to surely grasp which wireless terminal is connected to each wireless base station, and to avoid erroneous connection of wireless terminals belonging to other wireless LANs. For this reason, IEEE 802.11
Specifies an authentication process for enabling only a specific wireless terminal to connect to each wireless base station.

FIG. 17 shows a specific sequence chart of an authentication process defined by IEEE 802.11. FIG. 17 illustrates a case where wireless communication is performed between a wireless terminal (wireless base station) 100 serving as an access point and a wireless terminal 102 in a wireless zone of the wireless base station 100. FIG.
As shown in FIG. 7, in the authentication process defined by IEEE 802.11, first, the wireless terminal 102 sends an authentication request to the wireless base station 100 via wireless communication (step S17).
1). This authentication request describes an authentication algorithm that can be executed by the wireless terminal 102. Here, the authentication algorithm employs a well-known common key encryption method. The wireless terminal 102 holds the common key in advance.

[0006] Based on this authentication request, the radio base station 100
Generates a predetermined pattern, encrypts the pattern using an authentication algorithm described in the authentication request, and generates a challenge text. Then, the challenge text is transmitted to wireless terminal 102 (step S172). The wireless terminal 102 that has received the challenge text decrypts the challenge text using the held common key (decryption key) and sends the decrypted result back to the wireless base station 100 (step S173). The wireless base station 100 reads the transmitted decryption result, and if the decryption result is correct, that is, if the decryption result is the same as the first generated pattern, the authentication processing of the wireless terminal 102 ends. Then, the access permission is notified to the wireless terminal 102 (step S174).

When the authentication process is completed, the wireless base station 100
A key used for data communication (for example, a common key of a common key cryptosystem) is exchanged between the wireless terminal 102 and the wireless terminal 102 (step S175). Then, the wireless base station 100 and the wireless terminal 10 are encrypted and decrypted using the common key.
2 is performed (step S17).
6).

[0008]

As described above, the IE
When a wireless LAN such as EE802 is widely used in homes, the wireless zones of the wireless LANs may overlap between adjacent homes. In this case, it is necessary to avoid erroneous connection of the wireless terminal of the wireless LAN of the adjacent home.
In addition, unauthorized access due to so-called “spoofing” must be prevented.

[0009] However, IEEE 802.11 does not specifically define security in the authentication processing between wireless terminals or between a wireless base station and a wireless terminal. In other words, the IEEE 802.11 only stipulates that the security at the time of key exchange shown in step S175 of FIG. 17 is "notify via some secure route". For this reason,
The key may leak to a third party irrespective of intentional or negligence, and it is impossible to completely prevent erroneous connection or unauthorized access.

Therefore, the wireless LAN system reliably authenticates the wireless terminals connected to the wireless LAN so as to prevent erroneous connection or unauthorized access by the wireless terminals of the wireless LAN of another neighboring home and to group the wireless terminals. It is necessary to have a function to manage (logical group management function).
This is not limited to the wireless terminal of the adjacent wireless LAN, and for example, other wireless LANs that enter the wireless zone while moving.
The same applies to wireless terminals belonging to the AN.

In particular, wireless LA such as IEEE 802.11
In N, it is difficult for the user to specify the reach of radio waves emitted by the wireless base station. Therefore,
In the future, a wireless LAN system will require an authentication technique for reliably identifying and grouping wireless terminals to be connected.

An object of the present invention is to provide a wireless communication system, a wireless terminal, a wireless base station, an authentication card, and an authentication method for solving the above problems and realizing accurate authentication in a wireless LAN system. .

[0013]

SUMMARY OF THE INVENTION In order to solve the above problems, the present invention provides a base station, at least one terminal that wirelessly communicates with the base station, and a card corresponding to at least one of the terminal and the base station. And at least one authentication card having a storage unit for storing authentication information used in an authentication process in a corresponding terminal or a base station, and transferring the authentication information between the base station and the corresponding terminal. Is a first feature of the present invention.

Here, the “base station” is a wireless terminal (wireless base station) serving as an access point. For example, wired L
When connected to an AN, wireless LAN terminals can be realized. A “terminal” is a wireless terminal that performs wireless communication with each other via a base station. For example, a home DVD player, a digital VTR, a digital video camera, an office personal computer, a printer, or the like, having a wireless communication function. The “authentication card” is a nonvolatile recording medium, such as a well-known IC card, smart card, chip card, intelligent card, SD card, and the like.

According to the first aspect of the present invention, the authentication information used in the authentication processing of the terminal with respect to the base station is transferred between the terminal and the base station via an authentication card in which security is ensured, thereby achieving accurate authentication. Processing can be realized. More specifically, the identification number of the terminal, the encryption / decryption key held by the terminal, and the encryption method of the key, using an authentication card,
Notify the base station directly. Then, the authentication process of the terminal to the base station is performed by encrypted communication using the key.
Delivery of keys etc. is performed via an authentication card, not via wireless communication, so keys etc. do not leak to third parties,
The reliability of the authentication process can be improved.

Further, not only the identification number of the terminal, the encryption / decryption key (terminal key) held by the terminal, and the encryption method of the key, but also the identification number of the base station and the encryption / decryption key held by the base station
The decryption key (base key) and the encryption method of the key may be directly notified to the terminal using an authentication card. In this case, the other party can be authenticated only by exchanging these keys and the like, and the authentication process can be simplified.

According to a second aspect of the present invention, there is provided a terminal having a control unit for controlling wireless communication with a base station according to the terminal described in the first aspect. It is a wireless terminal that passes authentication information used in the processing to and from the base station via an authentication card associated with the terminal or the base station.

In the second invention, when the authentication card is sold with the terminal or the like, the identification number of the terminal and the encryption / decryption key (terminal key) held by the terminal are included in the authentication information. , And the encryption method of the key may be stored in the authentication card in advance. Further, the terminal may hold the above information in advance and write the information to the authentication card. In this case, the terminal may be provided with a holding unit for holding the above information, and a writing unit for writing the information held in the holding unit to the authentication card. When the identification number of the base station, the encryption / decryption key (base key) held by the base station, and the encryption method of the key are received using an authentication card, the information is read out from the authentication card. Section and a management section for registering and managing such information. Of course, a configuration in which the above-described writing unit and reading unit are integrated into one unit may be used.

According to the second aspect, the authentication processing of the terminal with respect to the base station can be performed accurately. For this reason, erroneous connection of terminals belonging to another wireless LAN can be avoided.

According to a third aspect of the present invention, there is provided a base station having a control unit for controlling wireless communication with a terminal, according to the base station described in the first aspect, wherein the authentication of the terminal is performed. This is a wireless base station that passes authentication information used in processing to and from a terminal via an authentication card associated with the terminal or the base station.

[0021] In the third invention, an identification number of a base station,
What is necessary is just to provide a writing unit for writing the encryption / decryption key (base key) held by the base station and the encryption method of the key on the authentication card, and a holding unit for holding such information in advance. Further, a reading unit for reading out the identification number of the terminal, an encryption / decryption key (terminal key) held by the terminal, and an encryption method of the key from the authentication card, and a management unit for registering and managing the information may be provided. .

According to the third aspect, it is possible to accurately authenticate a terminal requesting an authentication process. For this reason, erroneous connection of terminals belonging to another wireless LAN can be avoided.

A fourth aspect of the present invention relates to the authentication card described in the first aspect, wherein the authentication card is associated with a base station or a terminal that wirelessly communicates with the base station. An authentication card that has a storage unit that stores authentication information used in authentication processing with a station, and that passes the authentication information to and from a terminal associated with the base station. More specifically, information unique to a terminal or a base station, including at least one key used in communication processing between the terminal and the base station, and an encryption method of the key, is stored, and the information is stored. It is an authentication card that is passed between the base station and the terminal.

In the fourth aspect, the storage section may be constituted by a nonvolatile semiconductor memory such as a flash memory or an EEPROM. This is because these memories can be electrically read / written and security can be ensured.

According to the fourth aspect, it is possible to transfer authentication information between the base station and the terminal with high security. For this reason, the security of the authentication process of the terminal to the base station, which is performed using the authentication information, is secured. As a result, the base station can correctly authenticate the terminal requesting the authentication process, and as a result, erroneous connection of a terminal belonging to another wireless LAN can be avoided.

A fifth feature of the present invention is that (a) an identification number of a terminal, at least one terminal key for encrypting and decrypting communication for authentication processing of the terminal, and an encryption method of the terminal key, Passing the terminal information unique to the terminal to the base station via an authentication card, (b) registering the terminal information in the base station, and (c) transmitting the terminal information to the base station using the terminal key. And encrypting / decrypting wireless communication between the terminal and the terminal, and performing an authentication process for the terminal with respect to the base station. Or (a) encrypting / decrypting the identification number of the base station and communication for authentication processing of the base station;
Passing base information unique to the base station, including at least one base key and an encryption method of the base key, to the terminal via an authentication card; and (b) registering the base information in the terminal. , (C) encrypting and decrypting wireless communication between the terminal and the base station using the base key, and performing an authentication process for the terminal of the base station.

The fifth invention relates to a wireless communication method realized by the wireless communication system described in the first feature, and has the same effect as the first feature.
Specifically, the identification number of the terminal, the encryption and
Authentication information including the decryption key and the encryption method of the key,
This relates to a case where a notification is directly sent to a base station using an authentication card. Alternatively, the present invention relates to a case where authentication information including an identification number of a base station, an encryption / decryption key held by the base station, and an encryption method of the key is directly notified to a terminal using an authentication card.

A sixth feature of the present invention is that (a) an identification number of a terminal, at least one terminal key for encrypting / decrypting wireless communication with a base station, and an encryption method of the terminal key,
Passing the terminal information unique to the terminal to the base station via the authentication card, (b) registering the passed terminal information in the base station, (c) an identification number of the base station, Passing base information specific to the base station to the terminal via the authentication card, including at least one base key for encrypting and decrypting wireless communication with the terminal, and an encryption method for the base key; (D) registering the passed base information in the terminal, and (e) encrypting / decrypting wireless communication between the base station and the terminal using the terminal key and the base key, Transmitting data to and from a station.

The sixth aspect of the present invention relates to a wireless communication method realized by the wireless communication system described in the first aspect, and has the same effect as the first aspect.
Specifically, the identification number of the terminal, the encryption and
In addition to the notification of the decryption key (terminal key) and the encryption method of the key, the identification number of the base station, the encryption / decryption key (base key) held by the base station, and the encryption method of the key also use the authentication card. This is related to a case where the terminal is used to notify the terminal directly.

A seventh feature of the present invention is that (a) an identification number of a terminal, at least one terminal key for encrypting / decrypting wireless communication with a base station, and an encryption method of the terminal key,
Passing the terminal information unique to the terminal to the base station via the authentication card, (b) registering the passed terminal information in the base station, (c) the identification number of the base station, Passing base information specific to the base station to the terminal via the authentication card, including at least one base key and an encryption method of the base key, for encrypting / decrypting wireless communication between the terminals.
(D) registering the passed base information in the terminal;
(E) encrypting and decrypting wireless communication between the base station and the terminal using the terminal key and the base key, and transmitting data between the terminal and the base station; ), (E) or (c), (d), and (e).

The seventh aspect of the present invention relates to a wireless communication method realized by the wireless communication system described in the first aspect, and has the same effect as the first aspect.
Specifically, the identification number of the terminal, the encryption and
At least one of: a notification of a decryption key (terminal key) and an encryption method of the key, an identification number of the base station, an encryption / decryption key (base key) held by the base station, and a notification of an encryption method of the key. It is related to the case of execution.

[0032]

Embodiments of the present invention will be described below in detail with reference to the drawings. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals.

(First Embodiment) FIG. 1 is a diagram showing a configuration of a wireless communication system according to a first embodiment of the present invention. A wireless communication system according to a first embodiment of the present invention is a wireless LA installed in an environment such as a home or an office.
N system. In FIG. 1, for simplification of the description, the number of wireless terminals connected to the wireless LAN will be described as one.

As shown in FIG. 1, a wireless communication system according to a first embodiment of the present invention includes a wireless base station 10 forming a wireless zone, a wireless terminal 12 wirelessly communicating with the wireless base station 10, Information unique to the wireless terminal 12 (hereinafter referred to as “terminal information”) is stored, and the terminal information is stored in the wireless terminal 12.
An authentication card 14 for notifying the radio base station 10 directly from
At least.

(A) Radio Base Station 10 The radio base station 10 is connected to, for example, a wired LAN, and becomes an access point of the wireless LAN.
A wireless terminal that serves as an interface with the AN. The wireless base station 10 connects the wireless terminal 12 to another wireless terminal (not shown) in the wireless zone of the wireless base station 10.

The radio base station 10 includes a radio control unit 16 having an antenna 16a, an authentication card reading unit 18 into which the authentication card 14 is inserted and terminal information stored in the authentication card 14 is read, and a reading unit 18 which reads the terminal information. A terminal information management unit 2 for acquiring, registering, and managing the issued terminal information
0 at least.

The radio control unit 16 controls radio communication between the radio base station 10 and the radio terminal 12, and uses the antenna 16a to transmit the radio terminal 12 via a transmission wave 22 such as radio waves or infrared rays. Data (information) is transmitted / received to / from. In addition, the wireless control unit 16 has encryption processing means (not shown) for executing data encryption processing and data decryption processing in order to perform communication using encryption techniques such as a common key encryption method and a public key encryption method. I have. This encryption processing means can be realized by, for example, software, a hardware program, or the like.

The authentication card reading section 18 is an interface connecting the wireless base station 10 and the authentication card 14, and an insertion slot (not shown) into which the authentication card 14 is inserted.
have. The reading unit 16 reads the terminal information in the authentication card 14 inserted into the insertion slot, and outputs the terminal information to the terminal information management unit 20. Further, the read terminal information can be displayed on a display unit (not shown) such as a display (CRT screen) provided in the radio base station 10, for example. The user can visually confirm the terminal information via the display unit.

The terminal information management unit 20 acquires the terminal information of the wireless terminal 12 read by the reading unit 18 and registers and manages the terminal information. The terminal information is registered in, for example, a table, and management of the terminal information of the plurality of wireless terminals is facilitated. The wireless base station 10 uses terminal information registered in the terminal information management unit 20 when communicating with the wireless terminal 12.

(B) Wireless Terminal 12 The wireless terminal 12 is, for example, a DVD player at home,
It is a digital VTR, digital video camera, personal computer, printer, or the like, and is a terminal that communicates with another wireless terminal via the wireless base station 10. Of course, it may be either a stationary type or a portable terminal that is assumed to be portable. The wireless terminal 12 has the antenna 2
4a, an authentication card writing unit 26 which inserts the authentication card 14 and writes terminal information unique to the wireless terminal 12 into the authentication card 14, and a terminal information holding unit which holds the terminal information in advance 28 at least.

The radio control unit 24 controls radio communication between the radio base station 10 and the radio terminal 12, similarly to the radio control unit 16 of the radio base station 10. In addition, it has an encryption processing means (not shown) for communication using encryption technology.

The authentication card writing unit 26
2 and an authentication card 14.
It has an insertion slot (not shown) into which the authentication card 14 is inserted. The writing unit 26 acquires the terminal information from the terminal information holding unit 28, and executes the writing of the terminal information on the authentication card 14 inserted into the insertion slot.

The terminal information holding unit 28 holds terminal information unique to the wireless terminal 12, and the terminal information is embedded when the wireless terminal 12 is manufactured, for example. The terminal information is output to the outside only through the authentication card writing unit 26. The holding unit 28 is configured by, for example, a mask ROM, an EPROM, or the like, which is a read-only semiconductor memory. In these memories, data is not destroyed even when the power is turned off, and data once written can be stored semi-permanently.

Here, in the first embodiment of the present invention,
The terminal information includes (a) an identification number unique to the wireless terminal 12 (hereinafter, referred to as “terminal ID”), and (b) a key (encryption key and decryption key) available for the wireless terminal 12 during data communication. Key), (c) the encryption method of the key, and (d) at least one authentication algorithm used in the authentication process. The terminal ID is a device-specific identification number assigned to the wireless terminal 12 at the time of manufacture, for example. Of course, it is not necessarily required to be assigned at the time of manufacture, and it is sufficient if the identification number is unique to the wireless terminal 12. The key is, for example, a common key for a well-known common key cryptosystem. By notifying the common key to the wireless base station 10, communication (authentication processing) with the wireless base station 10 can be concealed. Becomes The wireless terminal 12 and the wireless base station 10 that has received the notification of the key perform both encryption and decryption processing using the same key. The key may be generated from the terminal ID, for example. This is because a key unique to the wireless terminal 12 can be easily generated. Of course, the key may be generated independently of the terminal ID. The encryption method is
This key system is specified, and for example, DES, FERL, etc., which are types of the common key cryptosystem, are shown. The authentication algorithm is an algorithm (program) for actually performing an authentication process, and the wireless terminal 12 has at least one authentication algorithm. The authentication algorithm employs, for example, a well-known common key cryptosystem,
The wireless terminal 12 holds the common key. Wireless terminal 1
2 and the wireless base station 10 that has received the notification of the authentication algorithm executes the authentication process using the same authentication algorithm.

(C) Authentication Card 14 The authentication card 14 is a non-volatile recording medium, and includes, for example, a well-known IC card, smart card, chip card, intelligent card, SD card, and the like. The authentication card 14 is provided with a storage unit 30 including a writable and erasable non-volatile memory such as an EEPROM and a flash memory, and stores the terminal information in the storage unit 30.

The authentication card 14 is inserted into the authentication card writing unit 26 of the wireless terminal 12 by a user, for example, and stores the terminal information of the wireless terminal 12 in the storage unit 30. Then, the terminal information inserted into the authentication card reading unit 18 of the wireless base station 10 and stored in the storage unit 30 is notified to the wireless base station 10.

For example, the authentication card 14
, Or the wireless terminal 1
It may be sold separately from 2. When the authentication card 14 is attached to the wireless terminal 12, the terminal information may be embedded in advance when the authentication card 14 is manufactured. Authentication card writing unit 26 of wireless terminal 12
And the terminal information holding unit 28 becomes unnecessary,
The weight, size, and cost of the device can be further reduced.

Next, the operation of the first embodiment of the present invention will be described with reference to the example shown in FIG. In the example of FIG. 2, the wireless LAN system is located in Mr. A's home. Although not shown, another wireless LAN is also installed in Mr. B's home. At a predetermined position in Mr. A's home, Mr. A's wireless base station 12a is installed.
The wireless zone 32 of 2a extends in Mr. A's home.
Furthermore, a part of the wireless zone 32 reaches the home of Mr. B adjacent to the home of Mr. A. Then, Mr. A is a wireless terminal 12a such as a personal computer or a wireless AV device.
And 12b, while Mr. B
Owns 4.

In such a case, in this Mr. A's wireless LAN system, which wireless terminal 12a,
It must be completely understood whether 12b is connected. This is because Mr. B's wireless terminal 34 is connected to Mr. A's wireless LAN due to incorrect connection or unauthorized access.
This is because there is a risk of being connected to This is because if Mr. B's wireless terminal 34 is connected, Mr. A's favorite information, private information, etc. will pass through to Mr. B.

Therefore, in a wireless LAN such as IEEE 802.11, the process of joining / leaving the wireless terminal 12 to the wireless LAN system and the authentication process are specified. It is impossible to completely prevent the information from being stolen by a person. In the present invention, the terminal information is directly notified from the wireless terminal 12 (12a, 12b) to the wireless base station 10a via the authentication card 14 shown in FIG. This prevents the leakage of the terminal information and ensures the security of the authentication process between the wireless base station 10a and the wireless terminal 12 executed using the terminal information. As a result, only Mr. A's radio terminal 12 is reliably connected to Mr. A's radio base station 10a.
Even if they are inside, Mr. B's wireless terminal 34 will not be connected.

FIG. 3 shows a specific sequence chart of the authentication method of the wireless communication system according to the first embodiment of the present invention.

(1) First, the terminal information of the wireless terminal 12 is stored in the authentication card 14 (step S3).
1). The storage of the terminal information is executed by the authentication card writing unit 26 of the wireless terminal 12. As described above, when the terminal information of the wireless terminal 12 is embedded in the authentication card 14 in advance, this step S31 is unnecessary.

(2) The authentication card 14 in which the terminal information is written can be stored in the radio base station 1 by the user, for example.
0 is inserted into the authentication card reading unit 18 (step S32).

(3) The authentication card reading unit 18 with the authentication card 14 inserted reads terminal information of the wireless terminal 12 stored in the authentication card 14. Then, the read terminal information is output to the terminal information management unit 20. The terminal information management unit 20 acquires the read terminal information,
It is tabulated and registered (step S33).

(4) The power of the wireless terminal 12 is turned on.
Alternatively, the wireless terminal 12 is located in the wireless zone 3 of the wireless base station 10.
2, the wireless terminal 12 sends an authentication request R to the wireless base station 10 (step S34). The authentication request R is encrypted ([R] ^* KM1) with the key (here, described as “KM1”) notified to the wireless base station 10 by the authentication card 14, and transmitted to the wireless base station 10. [X] ^* y is obtained by encrypting information x using key y /
Indicates decryption.

The authentication request R includes the terminal ID of the wireless terminal 12
And an authentication algorithm used in the current authentication processing. This authentication algorithm is stored in the payload of the packet to be transmitted, and the payload is encrypted with the key KM1. Also, terminal I
D is described in the header portion of the packet, and the radio base station 10
Identifies the authentication requesting wireless terminal 12 from the terminal ID in the header section. The wireless base station 10 can determine whether or not an authentication request can be made based on whether or not the terminal ID of the wireless terminal 12 that has issued the authentication request is registered in the terminal information management unit 20.

(5) Encrypted authentication request [R] ^* KM
1 is received by the wireless base station 10
The key KM1 of the wireless terminal 12 of the authentication request source registered in the authentication request is extracted, and the authentication request R ′ is decrypted (R ′ = ｛[R] ^* ) ^.
KM1｝ ^* KM1). Then, the radio base station 10 generates a predetermined pattern P, encrypts the pattern P using the decrypted authentication algorithm, and generates a challenge text T. The generated challenge text T is
The data is encrypted by the key KM1 ([T] ^* KM1) and transmitted to the wireless terminal 12 (step S35).

(6) Encrypted challenge text
[T]^*Upon receiving the KM1, the wireless terminal 12 sends the key KM1
To decrypt the challenge text T ′ (T ′ =
｛[T] ^*KM1｝^*KM1). Further, the wireless terminal 12
Uses the common challenge algorithm T '
Decrypt using the key. Then, the decryption result P 'is re-
And encrypted with the key KM1 ([P ']^*KM1),
The data is transmitted to the wireless base station 10 (step S36).

(7) The wireless base station 1 that has received the decrypted result [P '] ^* KM1 of the encrypted challenge text
0 is decrypted by the key KM1 (P ′ = ｛[P ′] ^* K
M1｝ ^* KM1), it is determined whether or not the decrypted result P ′ of the challenge text is equal to the first generated pattern P. If they are equal (P = P '), it is determined that the wireless terminal 12 is correct, and the authentication processing of the wireless terminal 12 is terminated. Then, the access permission is notified to the wireless terminal 12. This notification of the access permission is also encrypted with the key KM1 (step S37).

(8) After the access permission is notified, the wireless base station 10 performs encryption and decryption processing using the key KM1.
A confidential communication is performed between the communication terminal and the wireless terminal 12.

The terminal information is stored in the authentication card 14 according to the first embodiment of the present invention, for example, as follows. FIG. 4 shows terminal information stored in the authentication card 14 in the above example. As shown in FIG. 4, the authentication card 14 stores the terminal information of the wireless terminal 12.
Specifically, a terminal ID of the wireless terminal 12, a key (KM1) used for authentication processing and subsequent data transmission, an encryption method of the key, and a plurality of authentication algorithms usable in the authentication processing are described. . FIG. 4 shows a case where the wireless terminal 12 uses only one key in the authentication processing or the like, but the present embodiment is not limited to this. For example, when there are a plurality of available encryption methods and different keys are used for each of them, the keys corresponding to the respective encryption methods may be described separately. In this case, step S in FIG.
At 34, after one set of encryption method and key is selected, the encryption method and key will be used in subsequent steps.

In the first embodiment of the present invention, as the terminal information, attribute information of the wireless terminal 12, for example, information such as “DVD made by Company A” that can be seen by a human to identify the wireless terminal 12 , Can also be included. FIG. 5 shows a display example of the display unit of the wireless base station 10. In this case, such attribute information is transmitted to the wireless terminal 12 via the authentication card 14.
By notifying the wireless base station 10 from the above, the work for the authentication process by the user can be made more efficient and simpler. That is, it is actually not easy for the user to specify the wireless terminal 12 using only the terminal ID. Usually, this is because the terminal ID is merely an arrangement of numbers and alphabets including the year of manufacture, model number, serial number, and the like. For this reason, as shown in FIG. 5, if attribute information such as “VTR made by Company B” is included in addition to the terminal ID, the wireless terminal 1
2 can be easily specified. As a result, for example, the user can execute the following processing.

(1) By displaying the list of the wireless terminals 12 on the display unit of the wireless base station 10, the user can recognize the wireless terminals 12 that are currently registered.

(2) Further, based on the list display,
The user can also delete the registered wireless terminal 12 or the like.

(3) In addition, upon registration, after checking the attribute information of the wireless terminal 12, it can be determined whether or not to actually register.

Of course, the attribute information is not limited to the above example. For example, the owner name, performance / characteristics, remaining battery amount, purchase date, installation location, manufacturing date, maintenance information, inquiry destination information, etc. Such contents may be used.

FIG. 6 shows terminal information registered in the terminal information management section 20 of the radio base station 10 in the above example. FIG.
In the example, two wireless terminals 12 (wireless terminals (1) and (2)) are registered. Then, for each wireless terminal 12, a terminal ID, a key, and a plurality of available authentication algorithms are registered. Furthermore, regarding the authentication algorithm, the algorithms actually used include:
Some symbol (here, the symbol “execute”) is attached. Of course, the authentication algorithm that is actually executed and the authentication algorithm that can be executed may be described separately. The radio base station 10
2 when the authentication request is received from the terminal information management unit 12 with reference to the information of the authentication requesting wireless terminal 12.
The authentication process with the wireless terminal 12 is executed.

In the first embodiment of the present invention, if the priority (priority) of each wireless terminal 12 is set at the time of an authentication request of the wireless terminal 12, each wireless terminal 12 is set according to the priority. Can be restricted. For example, in the example of FIG.
This is effective when his wireless terminal 12 is temporarily connected to his wireless LAN and used. When the wireless terminal 12 of Mr. A is connected to the wireless LAN of Mr. B, by setting the priority of the wireless terminal 12 to be low, for example, the registration of the wireless terminal 12 is valid only on that day, and on the next day, The registration can be automatically deleted. As a result, Mr. A's wireless terminal 12 becomes Mr. B's wireless LA.
N can be prevented from remaining connected.

As other specific examples of the priority, information stored in the terminal information management unit 20 is retained even after the power of the radio base station 10 is turned off, and information deleted when the power is turned off. And may be set so as to be automatically deleted not only in the unit of “day” as described above but also in units of “hour”. The priority of each wireless terminal 12 may be set while viewing the terminal information at the time of an authentication request. This is because the user can make settings while visually checking. Therefore, the wireless base station 10 may be configured to be able to set the priority while displaying the terminal information. By setting such a priority, the wireless LAN can be adapted to a more complicated use environment.

(Second Embodiment) Next, a second embodiment of the present invention will be described.
An embodiment will be described. The second embodiment of the present invention is different from the first embodiment in that the IEEE
This is an example of realizing an authentication process between wireless terminals or between a wireless base station and a wireless terminal that is closer to the authentication process defined in 02.11.

FIG. 7 is a specific sequence chart of the authentication method of the wireless communication system according to the second embodiment of the present invention. As shown in FIG. 7, the second embodiment of the present invention differs from the first embodiment in that a key exchange in step S78 is added. That is, FIG.
In the authentication process according to the first embodiment, the key KM1 previously notified from the wireless terminal 12 to the wireless base station 10 by the authentication card 14 by the authentication card 14 and its encryption method are also used in the data transmission in step S38. Used. In the second embodiment, a key for data transmission and its encryption method are newly exchanged between the radio base station 10 and the radio terminal 12 in step 78 shown in FIG. Then, data is transmitted by performing encryption and decryption using the exchanged key and encryption system. That is, the key used in the authentication process is different from the key used in the data transmission.
For this reason, consistency with the authentication process defined in IEEE 802.11 is easily obtained, and adaptability with the existing wireless LAN is improved.

In the second embodiment of the present invention, the exchange of the data transmission key and the encryption method is determined, for example, by the radio base station 10, and the key and the encryption method are determined by the terminal information management unit of the radio base station 10. 20. In FIG.
5 shows terminal information registered in the terminal information management unit 20 of the wireless base station 10 in the above example. As shown in FIG. 8, in addition to the information of each wireless terminal 12 (wireless terminals (1) and (2)), a key KB used for data transmission on the wireless LAN
1 and its encryption method are also registered. In FIG. 8, only one key KB1 used for data transmission is registered. However, when different keys are used for a plurality of encryption methods, the key corresponding to each encryption method is used. It is possible to register separately.

In the second embodiment of the present invention, FIG.
The data transmission in step S79 is the same key KB in both directions.
Although the encryption and the decryption are performed by using No. 1, the present invention is not limited to this. For example, when data is transmitted from the wireless base station 10 to the wireless terminal 12, the key KB1 is used. When data is transmitted from the wireless terminal 12 to the wireless base station 10, the key KM1 of the wireless terminal 12 is used. May be used. That is, a different key may be used for each direction.

(Third Embodiment) Next, a third embodiment of the present invention will be described.
An embodiment will be described. The above first and second
In the embodiment of the present invention, only the terminal information unique to the wireless terminal 12 is notified to the wireless base station 10 via the authentication card 14, but in the third embodiment of the present invention, the wireless base station 10 (Hereinafter referred to as “base information”) to the wireless terminal 12 via the authentication card 14. That is, in the third embodiment of the present invention, the terminal information is transmitted from the wireless terminal 12 to the wireless base station 10 and the base information is transmitted from the wireless base station 10 to the wireless terminal 1 via the authentication card 14.
2 is an example in which each is notified directly. In this example,
By exchanging terminal information and base information with each other,
The authentication processing of the first and second embodiments can be greatly simplified.

FIG. 9 is a diagram showing a configuration of a radio communication system according to the third embodiment of the present invention. Elements common to those in FIG. 1 are denoted by the same reference numerals, and description thereof is omitted. In FIG. 9, as in the case of FIG. 1, the number of wireless terminals connected to the wireless LAN is one for simplicity of description. As shown in FIG. 9, the wireless communication system according to the third embodiment of the present invention includes a wireless base station 10 forming a wireless zone and a wireless base station 10 similar to the first embodiment of FIG. A wireless terminal 12 that wirelessly communicates with the wireless terminal 12, and stores terminal information of the wireless terminal 12, and stores the terminal information
An authentication card 14 for notifying the radio base station 10 directly from
At least. Further, in the third embodiment of the present invention, the authentication card 14 stores the base information of the wireless base station 10 and notifies the base information from the wireless base station 10 to the wireless terminal 12 directly.

[0076] Specifically, the radio base station 10 according to the third embodiment of the present invention differs from the radio control unit 16 and the terminal information management unit 20 of the first embodiment in FIG. An information holding unit 36 is provided. Further, the authentication card reading section 18 of the first embodiment is replaced with an authentication card reading / writing section 38. The base information holding unit 36 holds base information unique to the radio base station 10, and the base information is embedded when the radio base station 10 is manufactured, for example. The base information is output to the outside only through the authentication card read / write unit 38. The base information holding unit 36 is composed of, for example, a mask ROM, an EPROM, or the like, which is a read-only semiconductor memory. In these memories, data is not destroyed even when the power is turned off, and data once written can be stored semi-permanently.

Here, the “base information” includes (a) an identification number unique to the radio base station 10 (hereinafter, referred to as “base station ID”), and an available number of the radio base station 10 at the time of data communication. ,
At least (b) a key (encryption key and decryption key) and (c) an encryption method of this key are included. Base station ID
Is, for example, an identification number unique to the device, which is assigned when the wireless base station 10 is manufactured. Of course, it is not necessarily required to be assigned at the time of manufacture, and any identification number unique to the radio base station 10 may be used. The key is, for example, a common key for a well-known common key encryption method.
By notifying 2, the communication with the wireless terminal 12 can be kept secret. The wireless base station 10 and the wireless terminal 12 that has received the notification of this key perform both encryption and decryption processing using the same key. The key may be generated from the base station ID, for example. This is because a key unique to the wireless base station 10 can be easily generated. Of course, the key may be generated independently of the base station ID. In addition, the encryption method specifies this key method,
For example, DES and FERL which are types of the common key cryptosystem
Etc. are indicated.

The authentication card read / write unit 38
Like the authentication card reading unit 18 of the first embodiment,
This is an interface connecting the wireless base station 10 and the authentication card 14, and has an insertion slot (not shown) into which the authentication card 14 is inserted. When reading the authentication card 14, the reading / writing unit 38 reads the terminal information in the authentication card 14 inserted into the insertion slot, and outputs the terminal information to the terminal information management unit 20. Further, the read terminal information is provided, for example, in the radio base station 10.
Display unit (not shown) such as a display (CRT screen)
Can be displayed on the display. The user can visually confirm the terminal information via the display unit.
On the other hand, when writing the authentication card 14, the base information is acquired from the base information holding unit 36, and the writing of the base information is executed on the authentication card 14 inserted into the insertion slot.

The radio terminal 12 according to the third embodiment of the present invention, specifically, includes base station information in addition to the radio control unit 24 and the terminal information holding unit 28 of the first embodiment of FIG. A management unit 40 is provided. Further, the authentication card writing unit 26 of the first embodiment is replaced with an authentication card reading / writing unit 42. The base information management unit 40 acquires the base information of the wireless base station 10 read by the reading unit / writing unit 42,
Register and manage. The base information is registered in the form of, for example, a table, and management of base information of a plurality of wireless base stations is facilitated. The wireless terminal 12 uses base information registered in the base information management unit 40 when communicating with the wireless base station 10.

The authentication card read / write unit 42
As with the authentication card writing unit 26 of the first embodiment,
This is an interface connecting the wireless terminal 12 and the authentication card 14, and has an insertion slot (not shown) into which the authentication card 14 is inserted. When writing the authentication card 14, the read / write unit 42 sets the terminal information holding unit 28
And writes the terminal information to the authentication card 14 inserted in the insertion slot. When reading the authentication card 14, the read / write unit 42 reads the base information in the authentication card 14 inserted into the insertion slot, and outputs the base information to the base information management unit 40. Further, the read base information can be displayed on a display unit (not shown) such as a display (CRT screen) provided in the wireless terminal 12, for example.
The user can visually confirm the base information via the display unit.

Next, the operation of the third embodiment of the present invention will be described. FIG. 10 shows a specific sequence chart of the authentication method of the wireless communication system according to the third embodiment of the present invention.

(1) First, the terminal information of the wireless terminal 12 held in the terminal information holding unit 28 of the wireless terminal 12 is stored in the authentication card 14 (step S10).
1). The storage is executed by the authentication card read / write unit 42. If the terminal information of the wireless terminal 12 is embedded in the authentication card 14 in advance, this step S101 becomes unnecessary. Also, the wireless terminal 12
If there are a plurality of executable keys and their encryption methods, the plurality of keys and their encryption methods are stored.

(2) The authentication card 14 in which the terminal information is written can be stored in the radio base station 1 by the user, for example.
No. 0 is inserted into the authentication card read / write unit 38 (step S102).

(3) The authentication card read / write unit 38 into which the authentication card 14 is inserted,
The terminal information of the wireless terminal 12 stored therein is read. Then, the read terminal information is output to the terminal information management unit 20. The terminal information management unit 20 acquires the read terminal information, creates a table, and registers it (step S10).
3).

(4) Next, the authentication card read / write unit 38 of the wireless base station 10 writes the base information of the wireless base station 10 held in the base information holding unit 36 into the authentication card 1
4 (step S104). Here, when a plurality of encryption methods are notified in step S103, the wireless base station 10 may select any one of them. Then, the wireless base station 10 and the wireless terminal 12
This is because it is possible to ensure the communication between

(5) The authentication card 14 with the base information written therein is again inserted into the authentication card read / write unit 42 of the wireless terminal 12 by the user's hand (step S105).

(6) The authentication card read / write unit 42 with the authentication card 14 inserted therein
The base information of the wireless base station 10 stored therein is read.
Then, the read base information is output to the base information management unit 40. The base information management unit 40 acquires the read base information, creates a table, and registers the table (step S10).
6).

(7) Then, the radio base station 10
The key (here) notified to the wireless terminal 12 by the
In this example, the data DB is encrypted using "KB1").
([DB]^*KB1), and transmit it to the wireless terminal 12.
Encrypted data [DB] ^*Radio that received KB1
The terminal 12 is a wireless base registered in the base information management unit 40.
The data DB 'is decrypted using the key KB1 of the station 10.
(DB '= ｛[DB]^*KB1｝^*KB1).

On the other hand, the wireless terminal 12 sends the key (here,
The data DM is encrypted ([DM] ^* KM1) using "KM1") and transmitted to the radio base station 10. The wireless base station 10 that has received the encrypted data [DM] ^* KM1 decrypts the data DM ′ using the key KM1 of the wireless terminal 12 registered in the terminal information management unit 20 (D
M '= {[DM] ^* KM1} ^* KM1). In this manner, the confidential communication is performed between the wireless base station 10 and the wireless terminal 12.

Step S1 of the third embodiment of the present invention
In the authentication card 14 at the stage of 05, for example, the following terminal information and base information are stored. FIG. 11 shows the terminal information and the base information stored in the authentication card 14 in the above example. As shown in FIG. 11, the authentication card 14 includes the base information of the wireless base station 10 and the wireless terminal 12.
Terminal information is stored. Specifically, the wireless terminal 1
As for 2, a terminal ID of the wireless terminal 12, a key KM1 used for data transmission, and an encryption method of the key are described. The encryption method includes both an encryption method actually executed at the time of data transmission and an executable encryption method. Some code (here, the code “execute”) is attached to the encryption method that is actually executed. Of course, the encryption method that is actually executed and the encryption method that can be executed may be described separately. FIG. 11 shows a case in which the wireless terminal 12 uses only one key, but this embodiment is not limited to this. For example, there are several available ciphers,
When a different key is used for each, a key corresponding to each encryption method may be described separately. In this case, the wireless base station 10 can specify an encryption method and a key used by the wireless terminal 12. Similarly, information on the radio base station 10 is also stored.

FIG. 12 shows the base information registered in the base information management unit 40 of the wireless terminal 12 in the above example. FIG.
In the example of 2, the base station ID, key, and encryption method of the wireless base station 10 are registered. In the example of FIG. 12, only information of one wireless base station is registered, but information of a plurality of wireless base stations may be registered in the base information management unit 40.

FIG. 13 shows terminal information registered in the terminal information management unit 20 of the radio base station 10 in the above example. In the example of FIG. 13, two wireless terminals 12 (wireless terminals (1) and (2)) are registered. For each wireless terminal 12, a terminal ID, a key, and a plurality of available encryption methods are registered. Regarding the encryption system, some code (here, the code “execute”) is attached to the encryption system actually used. Further, in the example of FIG. 13, the base station I of the wireless base station 10
D, a key, and an encryption method are also registered.

(Fourth Embodiment) Next, a fourth embodiment of the present invention will be described.
An embodiment will be described. In the third embodiment, when data is transmitted between the wireless base station 10 and the wireless terminal 12, different keys (key KB1 and key K1) are used for each direction.
Although encryption and decryption are performed using M1), in the fourth embodiment of the present invention, secrecy of data transmission between the wireless base station 10 and the wireless terminal 12 is realized using the same key. Is what you do.

FIG. 14 is a specific sequence chart of the authentication method of the radio communication system according to the fourth embodiment of the present invention. As shown in FIG. 14, in the fourth embodiment of the present invention, in step S147, data transmission in any direction, that is, data transmission from the radio base station 10 to the radio terminal 12, The third embodiment differs from the third embodiment in that the same key KB1 is used for data transmission to the third embodiment. Hereinafter, a specific description will be given.

(1) First, the terminal information of the wireless terminal 12 held in the terminal information holding unit 28 of the wireless terminal 12 is stored in the authentication card 14 (step S14).
2). The storage is executed by the authentication card read / write unit 42. However, the terminal information stored in the authentication card 14 does not include the key and the encryption method, and it is sufficient that at least the terminal ID is provided. If the terminal information of the wireless terminal 12 is embedded in the authentication card 14 in advance, step S141 is not necessary.

(2) The authentication card 14 in which the terminal information is written is stored in the radio base station 1 by the user, for example.
No. 0 is inserted into the authentication card read / write unit 38 (step S142).

(3) The authentication card read / write unit 38 into which the authentication card 14 is inserted,
The terminal information of the wireless terminal 12 stored therein is read. Then, the read terminal information is output to the terminal information management unit 20. The terminal information management unit 20 acquires the read terminal information, creates a table, and registers it (step S14).
3). However, as described above, since the key and encryption method of the wireless terminal 12 are not notified to the wireless base station 10, the registration contents of the terminal information management unit 20 do not include the key and encryption method of the wireless terminal 12.

(4) Next, the authentication card read / write unit 38 of the wireless base station 10 writes the base information of the wireless base station 10 held in the base information holding unit 36 into the authentication card 1
4 (step S144). Here, the base information stored in the authentication card 14 includes not only the base station ID but also the key and encryption method of the wireless base station 10.

(5) The authentication card 14 into which the base information has been written is again inserted into the authentication card read / write unit 42 of the wireless terminal 12 by the user's hand (step S145).

(6) The authentication card read / write unit 42 with the authentication card 14 inserted therein
The base information of the wireless base station 10 stored therein is read.
Then, the read base information is output to the base information management unit 40. The base information management unit 40 acquires the read base information, creates a table, and registers the table (step S14).
6). Here, as described above, the key and the encryption method of the wireless base station 10 are notified to the wireless terminal 12, so that the registration contents of the base information management unit 40 include the key and the encryption method of the wireless base station 10. It is.

(7) Then, the radio base station 10
The key (here) notified to the wireless terminal 12 by the
In this example, the data DB is encrypted using "KB1").
([DB]^*KB1), and transmit it to the wireless terminal 12.
Encrypted data [DB] ^*Radio that received KB1
The terminal 12 is a wireless base registered in the base information management unit 40.
The data DB 'is decrypted using the key KB1 of the station 10.
(DB '= ｛[DB]^*KB1｝^*KB1).

On the other hand, the wireless terminal 12 encrypts the data DM ([DM] ^* KB1) using the key KB1 notified from the wireless base station 10 by the authentication card 14, and transmits the data DM to the wireless base station 10. Encrypted data [DM] ^*
The radio base station 10 that has received KB1 decrypts the data DM ′ using the key KB1 (DM ′ = ｛[DM] ^* K) ^.
B1｝ ^* KB1). In this manner, the confidential communication is performed between the wireless base station 10 and the wireless terminal 12.

In the fourth embodiment of the present invention, the wireless base station 10 can notify the same key and encryption method to all wireless terminals 12 connected to the wireless LAN. For this reason, for example, the same key and encryption method can be used in the entire home wireless LAN. Further, by using such a method, it is possible to perform confidential communication directly (without passing through a wireless base station) between wireless terminals.

In the fourth embodiment of the present invention, the authentication processing between radio base station 10 and radio terminal 12 has been described. However, the present invention is also applicable to the authentication processing between radio base stations and between radio terminals. It is possible. In the method described in the first to fourth embodiments, the wireless terminal 12
A series of processes is started from the means for storing the terminal information of the wireless base station 10 in the authentication card 14. The same effect can be obtained.

(Fifth Embodiment) Next, a fifth embodiment of the present invention will be described.
An embodiment will be described. FIG. 15 is a diagram for explaining a wireless communication system according to the fifth embodiment of the present invention. Elements common to FIGS. 1 and 9 are denoted by the same reference numerals, and description thereof is omitted. . The first to fourth above
In the embodiment, the authentication card reading unit 18
The (authentication card read / write unit 38) is disposed inside the radio base station 10, but the fifth embodiment of the present invention employs the authentication card read unit 18 (authentication card read / write unit 38). The authentication card read / write device 44 is replaced with the authentication card read / write device 44, and the authentication card read / write device 44 is disposed outside the wireless base station 10.

Normally, the radio base station 10 is located at a position with good visibility in the radio zone. This is for avoiding obstruction such as an obstacle and ensuring communication with each wireless terminal 12. In addition, it may be installed in a complicated place in the wireless zone. This is because, for example, in the case of an access point of a wired LAN, a wiring route of the wired LAN is restricted. In such a case, the operation of the user inserting the authentication card 14 into the authentication card reading unit 18 (authentication card reading / writing unit 38) is performed by the radio base station 10
It becomes very difficult depending on the installation location.

The inventor of the present invention has made intensive studies in order to avoid such a problem, and as a result, the authentication card reading section 18 has been described.
It has been found that the provision of the (authentication card read / write unit 38) outside the radio base station 10 makes it easier to insert the authentication card 14. That is, according to the fifth embodiment of the present invention, as shown in FIG.
4 and an authentication card read / write device 44
Is placed in a place where the operation of inserting the authentication card 14 is facilitated. The wireless base station 10 and the authentication card read / write device 44 are connected by any interface. For this reason, the user can easily insert the authentication card 14.

In the fifth embodiment of the present invention, the connection between the radio base station 10 and the read / write unit 44 may be established by, for example, an IEEE1394 interface. This is because connection with a plurality of wireless base stations 10 becomes easy. Of course, the connection is not limited to the IEEE 1394, and the connection may be made with some dedicated wiring.

(Sixth Embodiment) Next, a sixth embodiment of the present invention will be described.
An embodiment will be described. In the above-described first to fifth embodiments, the example has been described in which the authentication processing of the wireless terminal 12 with respect to one wireless base station 10 is performed. This is an example related to the authentication processing of the wireless terminal 12. FIG. 16 is a diagram for explaining a wireless communication system according to the sixth embodiment of the present invention. Elements common to FIGS. 1 and 9 are denoted by the same reference numerals, and description thereof is omitted. .

Normally, at home, a plurality of radio base stations 10
May be arranged. For example, in the example illustrated in FIG. 16, the wireless base station 10 is arranged in each of the living room and the reception room. In such an environment, each wireless terminal 12
A method of using the radio wave within a range where the radio waves of the two radio base stations 10 can be considered is considered.

In the sixth embodiment of the present invention, each wireless terminal 12 is provided with a plurality of wireless base stations 10, in this case, both the wireless base station 10 in the “living room” and the wireless base station 10 in the “reception room”. By performing authentication and registration, the wireless terminal 12 can be used within a range where the radio waves of the two wireless base stations 10 can reach.
Specifically, a configuration may be employed in which the base information of a plurality of wireless base stations 10 can be registered and managed in each wireless terminal 12 as in the first to fifth embodiments.

The sixth embodiment of the present invention is a system in a kind of distributed network environment, and is regarded as an authentication process between wireless terminals using an authentication card in an ad-hoc (Ad-Hoc) wireless network environment. be able to.

(Other Embodiments) The invention made by the present inventors has been described in the above embodiment. However, it should be understood that the description and drawings constituting a part of this disclosure limit the invention. should not do. From this disclosure, various alternative embodiments, examples, and operation techniques will be apparent to those skilled in the art.

For example, in the first to sixth embodiments, the authentication processing using the authentication card when the wireless terminal is connected to the wireless LAN system has been described. The authentication process between wireless terminals or between a wireless base station and a wireless terminal can be applied to other applications. For example, in the authentication process on the IEEE 1394 bus, which is discussed from the viewpoint of copyright protection, the same “authentication request”, “key exchange”, “encrypted communication”
There is a series of processing flows such as: The present invention is also applicable to these processes.

In the first to sixth embodiments, the wireless LAN at home has been described as an example. However, the present invention is not limited to home use. For example, a plurality of different networks can be constructed even in a relatively narrow office space where wireless zones overlap. Therefore, the office space can be used effectively.

Thus, it should be understood that the present invention includes various embodiments and the like not described herein. Accordingly, the present invention is limited only by the matters specifying the invention according to the claims that are reasonable from this disclosure.

[0117]

According to the present invention, a wireless communication system, a wireless terminal, a wireless base station, an authentication card, and an authentication method for realizing accurate authentication in a wireless LAN system can be realized.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a wireless communication system according to a first embodiment of the present invention.

FIG. 2 is a diagram illustrating a wireless communication system according to a first embodiment of the present invention.

FIG. 3 shows a specific sequence chart of an authentication method of the wireless communication system according to the first embodiment of the present invention.

FIG. 4 is a diagram showing terminal information stored in an authentication card according to the first embodiment of the present invention.

FIG. 5 is a diagram illustrating a display example of a display unit of the wireless base station according to the first embodiment of the present invention.

FIG. 6 is a diagram showing terminal information registered in a terminal information management unit of the wireless base station according to the first embodiment of the present invention.

FIG. 7 is a specific sequence chart of an authentication method of a wireless communication system according to a second embodiment of the present invention.

FIG. 8 is a diagram illustrating terminal information registered in a terminal information management unit of a wireless base station according to the second embodiment of the present invention.

FIG. 9 is a diagram illustrating a configuration of a wireless communication system according to a third embodiment of the present invention.

FIG. 10 is a specific sequence chart of an authentication method for a wireless communication system according to a third embodiment of the present invention.

FIG. 11 is a diagram showing terminal information and base information stored in an authentication card according to a third embodiment of the present invention.

FIG. 12 is a diagram showing base information registered in a base information management unit of a wireless terminal according to a third embodiment of the present invention.

FIG. 13 is a diagram illustrating terminal information registered in a terminal information management unit of a wireless base station according to the third embodiment of the present invention.

FIG. 14 is a specific sequence chart of an authentication method of a wireless communication system according to a fourth embodiment of the present invention.

FIG. 15 is a diagram illustrating a wireless communication system according to a fifth embodiment of the present invention.

FIG. 16 is a diagram illustrating a wireless communication system according to a sixth embodiment of the present invention.

FIG. 17 is a specific sequence chart of an authentication process defined in IEEE 802.11.

[Explanation of symbols]

 10, 10a Radio base station 12, 12a, 12b, 34 Radio terminal 14 Authentication card 16, 24 Radio control unit 16a Antenna 18 Authentication card reading unit 20 Terminal information management unit 22 Transmission wave 26 Authentication card writing unit 28 Terminal information holding unit 30 Storage unit 32 Wireless zone 36 Base information holding unit 38, 42 Authentication card read / write unit 40 Base information management unit 44 Authentication card read / write device

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 12/28 H04L 11/00 310B F term (Reference) 5J104 AA07 EA22 KA06 NA01 NA02 NA27 NA40 PA07 5K033 AA08 CB01 DA01 DA19 DB10 DB12 DB14 DB18 EA07 5K067 AA25 BB21 CC12 DD17 DD19 EE22 EE25 HH23 HH36 KK13 KK15 9A001 CC05 EE03 LL03

Claims (26)

[Claims] 1. A base station, at least one terminal that wirelessly communicates with the base station, and a card corresponding to at least one of the terminal and the base station, wherein authentication is performed by the corresponding terminal or base station. A wireless communication system, comprising: a storage unit for storing authentication information to be used; and at least one authentication card for transferring the authentication information between the base station and the corresponding terminal. 2. The authentication information includes at least one of an identification number of the corresponding terminal or the base station, and encryption / decryption of communication for authentication processing between the corresponding terminal and the base station. The wireless communication system according to claim 1, wherein the wireless communication system is information unique to the corresponding terminal or the base station, including a key and an encryption method of the key. 3. The authentication information includes an identification number of the base station, at least one base key for encrypting / decrypting communication with the corresponding terminal, and an encryption method of the base key. Base information unique to the base station, an identification number of the corresponding terminal, at least one terminal key for encrypting and decrypting communication with the base station, and an encryption method of the terminal key, Device-specific device information,
The wireless communication system according to claim 1, comprising at least one of the following. 4. The base station includes a reading unit connected to an authentication card for reading stored information, and a management unit for registering and managing the read information. The wireless communication system according to claim 2. 5. A read / write unit connected to an authentication card for reading stored information and writing stored base information, the base station registers and manages the read information. 4. The wireless communication system according to claim 2, further comprising: a management unit configured to store the base information in advance. 5. 6. The terminal, comprising: a reading unit connected to a corresponding authentication card and reading stored information; and a management unit for registering and managing the read information. The wireless communication system according to claim 2, wherein: 7. A read / write unit connected to an authentication card for reading stored information and writing held terminal information, and registers and manages the read information. The wireless communication system according to claim 2, further comprising: a management unit; and a holding unit that holds the terminal information in advance. 8. A terminal having a control unit for controlling wireless communication with a base station, wherein the authentication information used in an authentication process for the base station is authenticated by an authentication associated with the terminal or the base station. A wireless terminal for transferring data to and from the base station via a card. 9. The wireless terminal according to claim 8, wherein the authentication card has a storage unit for storing the authentication information. 10. The authentication information includes: an identification number of the wireless terminal; at least one key for encrypting / decrypting communication for authentication processing between the wireless terminal and the base station; The wireless terminal according to claim 8, wherein the wireless terminal or the base station is terminal information unique to the base station, the information including a key encryption method. 11. The information processing apparatus according to claim 8, further comprising: a holding unit that holds the terminal information in advance; and a writing unit that is connected to the authentication card and writes the terminal information held in the holding unit. A wireless terminal according to claim 1. 12. The authentication information includes an identification number of the base station, at least one base key for encrypting / decrypting communication with the wireless terminal, and an encryption method of the base key. Base station information unique to a base station, an identification number of the wireless terminal, at least one terminal key for encrypting / decrypting communication with the base station, and an encryption method for the terminal key, 9. The wireless terminal according to claim 8, comprising at least one of terminal information unique to the terminal. 13. A read / write unit connected to the authentication card for reading stored base information and writing stored terminal information, and a management unit for registering and managing the read base information. The wireless terminal according to claim 8, further comprising: a unit; and a holding unit that holds the terminal information in advance. 14. A base station having a control unit for controlling wireless communication with a terminal, comprising: an authentication card associated with the terminal or the base station, the authentication information used in authentication processing of the terminal. A wireless base station for transferring data to and from the terminal via a terminal. 15. The radio base station according to claim 14, wherein the authentication card has a storage unit for storing the authentication information. 16. The authentication information includes: an identification number of the terminal; at least one key for encrypting / decrypting communication for authentication processing between the terminal and the base station; and 15. The radio base station according to claim 14, wherein the radio base station includes information unique to the terminal or the radio base station, the information including an encryption system. 17. The apparatus according to claim 1, further comprising: a reading unit connected to the authentication card for reading stored terminal information; and a management unit for registering and managing the read terminal information. Item 15. The wireless base station according to item 14. 18. The authentication information includes: an identification number of the base station, at least one base key for encrypting / decrypting communication with the wireless terminal, and an encryption method of the base key. Base station information including: base information unique to a base station; an identification number of the wireless terminal; at least one terminal key for encrypting / decrypting communication with the base station; and an encryption method for the terminal key. Device information specific to,
15. The method according to claim 14, comprising at least one of the following.
A wireless base station according to item 1. 19. A read / write unit connected to the authentication card for writing base information to be held and reading stored terminal information, and a management unit for registering and managing the read terminal information. The radio base station according to claim 14, further comprising: a unit; and a holding unit that holds the base information in advance. 20. An authentication card associated with a base station or a terminal that wirelessly communicates with the base station, wherein the storage unit stores authentication information used in an authentication process between the terminal and the base station. An authentication card, comprising: transferring the authentication information between the base station and the terminal. 21. An authentication card associated with a base station or a terminal that wirelessly communicates with the base station, comprising: at least one key used in a communication process between the terminal and the base station; A storage unit for storing information unique to the terminal or the base station, including an encryption system, and passing the information stored in the storage unit between the base station and the terminal. Authentication card. 22. An authentication method comprising the following steps. (A) terminal information unique to the terminal, including an identification number of the terminal, at least one terminal key for encrypting / decrypting communication for authentication processing of the terminal, and an encryption method of the terminal key; (B) registering the passed terminal information with the base station; (c) performing wireless communication between the base station and the terminal using the terminal key Encrypting / decrypting and performing authentication processing of the terminal with respect to the base station 23. An authentication method comprising the following steps. (A) an identification number of a base station, at least one base key for encrypting and decrypting communication for authentication processing of the base station;
Passing the base information unique to the base station to the terminal via an authentication card, including: (b) an encryption method for the base key; (b) registering the passed base information to the terminal; (c) Encrypting and decrypting wireless communication between the terminal and the base station using the base key, and performing an authentication process for the terminal by the base station 24. The method further comprising, after the step of performing the authentication process, exchanging a data transmission key for encrypting and decrypting transmission data between the base station and the terminal. The authentication method according to claim 22. 25. An authentication method comprising at least one of the following steps (a), (b), (e) or (c), (d), and (e). (A) terminal information unique to the terminal, including at least one terminal key for encrypting / decrypting wireless communication with the base station, and an encryption method for the terminal key;
(B) registering the passed terminal information with the base station; (c) encrypting the identification number of the base station and wireless communication with the terminal Passing the base information unique to the base station, including at least one base key to be encrypted / decrypted, and the encryption scheme of the base key to the terminal via an authentication card; (d) the passed base Registering information in the terminal; (e) encrypting and decrypting wireless communication between the base station and the terminal using the terminal key and the base key, and performing communication between the terminal and the base station; Process of sending data with 26. The data transmission step, wherein one of the terminal key and the base key is used to encrypt / decrypt wireless communication between the base station and the terminal. Item 26. The authentication method according to Item 25.